SystemBC, a SWISS KNIFE Proxy Malware, Used by Numerous Ransomware Groups

Cybersecurity researcher REXor (aka Aaron) recently discovered that several ransomware groups are employing SystemBC, a Swiss Knife proxy malware, for their illicit purposes.

Ransomware Groups Involved

Here below, we have mentioned all the ransomware groups that are involved in using this malware:-

- ViceSociety
- Rhysida
- GoldDupont
- FIN12
- 8BASE
- PLAY
- Hive
- BlackBasta
- TropicalScorpius (CUBA)
- RiddleSpider (Avaddon)
- WizardSpider (Conti, Ryuk)
- Egregor
- DarkSide
- Maze Team (Maze & IcedID)

SystemBC the SWISS KNIFE

Coroxy infiltrates systems using diverse methods tailored to the group using it, employing:-

- Reconnaissance
- Lateral movement
- Deploying SystemBC (often alongside CobaltStrike)

It's also utilized in Spear Phishing campaigns, delivered via loaders or other malware for installation on victim systems.

SystemBC malware adapts its methods but maintains core tasks:-

Gather system info -> Establish persistence -> Create a Socks5 connection to the C&C server -> Transmit data -> Await attacker commands or malware launches

This backdoor enables attackers to operate from their infrastructure, and over time, numerous groups have used SystemBC.
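The one step in that core-task chain that is visible on the wire is the SOCKS5 connection to the C&C server. The following is an added example, not code from the article or from any of the researchers it cites: a small Python detector that checks the first client bytes of each outbound flow for a well-formed SOCKS5 client greeting (RFC 1928: VER=0x05, NMETHODS, then that many method bytes) and flags any such greeting to a destination that is not a sanctioned corporate proxy. The flow records, addresses (RFC 1918 and documentation ranges), port numbers and the `ALLOWED_PROXIES` set are all constructed sample data, and the `Flow` record shape is an assumption about how a capture or NDR tool would hand flows to the script.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SOCKS5_VERSION = 0x05
# RFC 1928 authentication method identifiers a client may offer
SOCKS5_METHODS = {0x00: "no-auth", 0x01: "gssapi", 0x02: "user/pass"}
# RFC 1918 ranges treated as "internal" for this example (assumption)
INTERNAL_NETS = [ip_network("10.0.0.0/8"),
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


@dataclass
class Flow:
    """One TCP flow plus the first bytes the client sent (assumed record shape)."""
    src: str
    dst: str
    dport: int
    first_client_bytes: bytes


def parse_socks5_greeting(payload: bytes):
    """Return the auth methods offered if payload starts with a well-formed
    SOCKS5 client greeting (VER=0x05, NMETHODS, METHODS[NMETHODS]), else None."""
    if len(payload) < 2 or payload[0] != SOCKS5_VERSION:
        return None
    nmethods = payload[1]
    if nmethods == 0 or len(payload) < 2 + nmethods:
        return None  # RFC 1928 requires at least one method byte
    return [SOCKS5_METHODS.get(m, f"unknown-0x{m:02x}")
            for m in payload[2:2 + nmethods]]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_suspicious_socks5(flows, allowed_proxies):
    """Flag SOCKS5 greetings to any destination not in the sanctioned-proxy set."""
    findings = []
    for f in flows:
        methods = parse_socks5_greeting(f.first_client_bytes)
        if methods is None or f.dst in allowed_proxies:
            continue
        reason = ("SOCKS5 greeting to external host" if not is_internal(f.dst)
                  else "SOCKS5 greeting to unsanctioned internal host")
        findings.append({"src": f.src, "dst": f.dst, "dport": f.dport,
                         "methods": methods, "reason": reason})
    return findings


# Constructed sample flows (documentation / RFC 1918 addresses, not real IoCs)
SAMPLE_FLOWS = [
    Flow("10.0.0.15", "203.0.113.77", 4001, b"\x05\x01\x00"),        # SOCKS5 to external host: flag
    Flow("10.0.0.22", "10.0.0.5", 1080, b"\x05\x02\x00\x02"),         # sanctioned proxy: ignore
    Flow("10.0.0.31", "198.51.100.9", 443, b"\x16\x03\x01\x00\xa5"),  # TLS ClientHello: ignore
    Flow("10.0.0.40", "10.0.0.9", 8080, b"\x05\x01\x02"),             # SOCKS5 to unsanctioned internal host: flag
    Flow("10.0.0.50", "203.0.113.8", 80, b"\x05\x00"),                # NMETHODS=0 is malformed: ignore
]
ALLOWED_PROXIES = {"10.0.0.5"}  # constructed allowlist of corporate SOCKS proxies


def run_sample():
    return find_suspicious_socks5(SAMPLE_FLOWS, ALLOWED_PROXIES)


if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

Two of the five constructed flows are flagged: the greeting to the external host and the greeting to an internal host that is not on the proxy allowlist. The check only works where the greeting is visible in cleartext; when the proxy channel is wrapped in an encrypted transport, the fallback is the weaker flow-level signal of a workstation opening a long-lived connection to an unfamiliar external address on an unusual port, which the same `Flow` records can feed.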

Source: GBHackers
